On 9/11/25 06:54, Naveen N Rao (AMD) wrote: > SEV features in the VMSA are only meaningful for SEV-ES and SEV-SNP > guests, as they control aspects of the encrypted guest state that are > not relevant for basic SEV guests. > > Add a check in check_sev_features() to ensure that SEV-ES or SEV-SNP is > enabled when any SEV features are specified. > > Reviewed-by: Nikunj A Dadhania <[email protected]> > Signed-off-by: Naveen N Rao (AMD) <[email protected]>
Reviewed-by: Tom Lendacky <[email protected]> > --- > target/i386/sev.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/target/i386/sev.c b/target/i386/sev.c > index 243e9493ba8d..fa23b5c38e9b 100644 > --- a/target/i386/sev.c > +++ b/target/i386/sev.c > @@ -509,6 +509,12 @@ static int check_sev_features(SevCommonState > *sev_common, uint64_t sev_features, > __func__); > return -1; > } > + if (sev_features && !sev_es_enabled()) { > + error_setg(errp, > + "%s: SEV features require either SEV-ES or SEV-SNP to be > enabled", > + __func__); > + return -1; > + } > if (sev_features & ~sev_common->supported_sev_features) { > error_setg(errp, > "%s: VMSA contains unsupported sev_features: %lX, "
